01-31-2022 11:49 AM
Sure, AutoFocus is being sunset in favor of Cortex XSOAR Threat Intel Management (TIM).
Essentially, during a security incident, it's hard to investigate and operationalize data. To get questions answered like "is this a targeted attack, or generalized script? Who is the perpetrator, how do we stop them? What assets are at risk, where are attacks coming from and going to?" All that in a centralized place. Find that overview here.
MineMeld is a free tool that collects data and aggregates it into lists. For example, if you wanted to write a rule that allowed traffic using application "Facebook" only to known Facebook IPs, MineMeld will be able to scrape those and output them into an EDL for the NGFW to ingest.
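The kind of aggregation described in the post above, as an added example that is not part of the original thread and is not MineMeld's code: it merges several IP feeds, rejects malformed entries, de-duplicates and collapses overlapping ranges, and returns one entry per line. The feed contents, the `#`/`;` comment markers and the function names are assumptions made for illustration, as is the plain-text one-entry-per-line output format.

```python
import ipaddress

# Constructed sample feeds (documentation address ranges, not real provider data).
FEED_A = """\
# constructed feed A
192.0.2.0/25
192.0.2.128/25
198.51.100.7
not-an-ip
"""
FEED_B = """\
198.51.100.7   ; duplicate of an entry in feed A
198.51.100.9
203.0.113.0/24
203.0.113.40
2001:db8::/32
"""

def parse_feed(text):
    """Return (networks, rejected) for one feed, skipping comments and blanks."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits set in a CIDR and bare addresses
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # never pass unvalidated text to the firewall
    return networks, rejected

def build_edl(feeds):
    """Merge feeds into a de-duplicated, collapsed list of entries."""
    v4, v6, rejected = [], [], []
    for text in feeds:
        nets, bad = parse_feed(text)
        rejected += bad
        v4 += [n for n in nets if n.version == 4]
        v6 += [n for n in nets if n.version == 6]
    merged = list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))
    # Single hosts are written without a prefix length, ranges as CIDR
    lines = [str(n.network_address) if n.num_addresses == 1 else str(n) for n in merged]
    return lines, rejected

if __name__ == "__main__":
    edl, bad = build_edl([FEED_A, FEED_B])
    print("\n".join(edl))
    print("rejected:", bad)
```

The rejected list is worth logging on every run, since a feed that suddenly produces many invalid entries usually means its format changed or it was tampered with.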
03-13-2022 08:41 PM
XSOAR seems like a much bigger system than MineMeld or AutoFocus. Is there anything that simply does the threat list aggregation and formatting for Palo, without all the other functions?
03-22-2022 09:32 AM
MineMeld is still community supported here on LiveCommunity, so you can use it to build your custom lists and import threat feeds, if you choose.
We also maintain some of our own lists here. With a Threat Prevention subscription we give you 4 different EDLs specific to threat, as well.
03-22-2022 09:55 AM
Just as an FYI, the MineMeld image hasn't gotten updated in quite a long time. You could continue to utilize the Docker image and properly isolate it to become less of an issue, but it's still pretty outdated.
ENVOY is a potential solution you could look into along with EDL Manager depending on the feature set that you actually need to utilize.